From a937dcb5ac477b8b6f938a5be998c6f147a16bd1 Mon Sep 17 00:00:00 2001
From: martin
Date: Mon, 16 May 2011 22:37:54 -0400
Subject: [PATCH] -cc-2126: user should not be able to delete himself

added server side check
---
 .../application/controllers/UserController.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/airtime_mvc/application/controllers/UserController.php b/airtime_mvc/application/controllers/UserController.php
index 28ed5c5dc..24d9d78d8 100644
--- a/airtime_mvc/application/controllers/UserController.php
+++ b/airtime_mvc/application/controllers/UserController.php
@@ -83,10 +83,16 @@ class UserController extends Zend_Controller_Action
     public function removeUserAction()
     {
         // action body
-        $id = $this->_getParam('id');
-        $user = new User($id);
-
-        $this->view->entries = $user->delete();
+        $delId = $this->_getParam('id');
+
+        $userInfo = Zend_Auth::getInstance()->getStorage()->read();
+        $userId = $userInfo->id;
+
+        if ($delId != $userId){
+            $user = new User($delId);
+            $this->view->entries = $user->delete();
+        }
+
     }
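Review bot: The new guard `if ($delId != $userId){` compares the raw request parameter with the session id loosely, and when the two match the action silently does nothing, so the client receives no indication that the delete was refused. Casting both sides and comparing strictly, `if ((int) $delId !== (int) $userId) {`, avoids PHP's type-juggling surprises (a missing `id` yields null, which is `!=` any id and still reaches `new User(null)`), and an `else` branch such as `$this->getResponse()->setHttpResponseCode(403);` would report the refusal instead of returning as if it succeeded. Whether the caller is also required to be an administrator is not visible in this hunk, so the self-delete check should be confirmed to sit behind that authorization as well.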